Are our enemies writing our military’s software? Unfortunately, that’s more than just a possibility. The Defense Science Board Task Force, a committee advising the Secretary of Defense, issued a report warning the Pentagon about its vulnerability to software produced by outside contractors. The 92-page document, released in September, received virtually no attention until yesterday, when CNN’s Bill Tucker discussed the subject on Lou Dobbs Tonight.
Code is now being written in countries “that may have interests inimical to those of the United States,” the report diplomatically notes. “The combination of DoD’s profound and growing dependence upon software and the expanding opportunity for adversaries to introduce malicious code into this software has led to a growing risk to the nation’s defense.” Defense contractors naturally have sought the lowest cost software. And as Tucker notes, “In seeking that lowest cost, we’ve lost track of who has written what and where, trusting the intentions of those writing the computer software that ultimately guards our country.”
It’s a mother’s sorrow when a child is sickened due to lead paint on a Chinese-made toy. It’s a nation’s tragedy when multi-billion dollar weapons systems stop working in battle because of malware inserted by a foreign programmer. “The problem is we have a strategy now for net-centric warfare—everything is connected,” said Robert Lucky, chairman of the task force, last year. “And if the adversary is inside your network, you are totally vulnerable.” It only makes sense, as the task force recommends, that only American citizens with security clearances be allowed to write software for “critical system components.”
At this moment, the United States is fighting insurgents in Iraq, the Taliban in Afghanistan, and unseen adversaries elsewhere. Electronic warfare occurs every day, waged against us by China and perhaps other countries as well. We can’t stop others from trying to attack our networks, but we don’t have to let them place trapdoors and Trojan Horses into our weapons. The time to stop outsourcing our security is now.